5 Things Small Businesses Need to Know about New FTC Privacy Rules

Ever since the White House released its Consumer Privacy Bill of Rights in February, the issue has been drawing high-profile attention. Most recently, the Federal Trade Commission published a 72-page report on consumer privacy that may influence how small businesses interact with customers and how they maintain and handle customers’ personal information, both online and offline. This data may include everything from customers’ names and addresses to their purchase history and even which pages they’ve viewed on your website.

Here are five things small businesses need to know about the FTC report and its recommendations as U.S. data-privacy regulations evolve.

1. The report doesn’t actually establish any rules. But it does make recommendations to Congress for developing new consumer-privacy laws. It also offers best practices for businesses to put into place whether or not the government ultimately requires them to do so.

2. Some small businesses don’t need to worry. Companies that collect only “nonsensitive” consumer data and don’t share it with third parties are essentially exempt from the FTC guidelines. However, if you gather sensitive data — the report mentions Social Security numbers and financial, health, children’s, and geolocation information as examples — then you’re on the hook. What’s more, if you collect any data from more than 5,000 customers each year, or if you share information with third parties, the FTC recommends following its best practices.

3. Common sense goes a long way. Small businesses that already prioritize customer care shouldn’t have a great deal of trouble adopting the FTC’s best practices, which stress transparency and simplicity. Be upfront with customers about what information you collect and why. Keep privacy policies simple and easy to understand. Give customers the choice to opt out when applicable, such as in instances where you might share their information with another business. Communicate any changes to your customer-data policies before you implement them. Protect customer information with strong security and other data-integrity measures.

4. Do Not Track is coming. Web browsers such as Mozilla Firefox already have privacy tools that allow consumers to limit the data that’s collected about their online activity. The Digital Advertising Alliance has a tool for members, too. But there are no industry standards yet, and the FTC says it will prioritize its efforts this year to develop a universal system to allow consumers to prevent websites from tracking their activity. If that comes to fruition, it would likely affect any website that uses cookies, sells advertising, or otherwise collects user data.

5. Pay particular attention to mobile data. The FTC report notes, and rightfully so, that the mobile era creates an entirely new universe of consumer data: “The unique features of a mobile phone — which is highly personal, almost always on, and travels with the consumer — have facilitated unprecedented levels of data collection.” As a result, mobile regulation is another of the FTC’s top priorities — and, alongside Do Not Track, it’s one of the issues most likely to impact small businesses.

If you collect geolocation or check-in data, have a mobile app, or even just maintain a mobile website, treat that information with the same degree of importance as other categories of customer data. Expect more guidelines or regulatory requirements, too. The FTC says it’s keen on developing a standard for mobile-privacy disclosures that are “short, effective, and accessible to consumers on a small screen.”